2 Answers
2

It is the best static Java code analyzer out there, AFAIK. I don't have experience with the Eclipse plugin, but at least the NetBeans plugin integration works fine. It shows the lines in the source code where it thinks something suspicious is going on. Bug detectors can be individually switched on/off from the Options menu.

I've found it especially useful in finding threading-related issues. That said, sometimes you'll want to do something that FindBugs thinks may be a potential bug but actually isn't, and there's nothing wrong with that. You're the programmer, FindBugs is just a tool; use it, but don't trust it blindly. For example, FindBugs suggests making final everything that can be made. IMHO it just clutters code most of the time.

Yes, FindBugs is useful and you should run it to understand the lists of the kinds of problems it identifies. It is particularly useful for programmers new to Java, who may make a lot of elementary mistakes that are hard to see. For example, if you overload equals instead of overriding it, FindBugs can let you know.

The only downside is its "false positive" rate. That means you'll need to look at what it suggests and then determine if it really is a problem or not. But going through a list of potential false positives can be much better than wasting several hours on a bug that it could have found.

Every (Java) code base should be run through something like FindBugs at least once every significant cycle.

For some further context: FindBugs is a static tool, meaning that it deduces problems from the source code only, and not what data you used on a live run. A nice complement to FindBugs is Whyline. Whyline is a dynamic tool. You execute your program instrumented with Whyline, and you can track the causes for why something was printed or drawn, and even why something was not printed or drawn. Being able to link program output backward to the code that executed to display it is very valuable.
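The `equals` overload mistake mentioned in the answer above, shown next to its corrected form. This is an added example, not part of either answer; the class names `EqualsOverloadDemo`, `BadPoint` and `GoodPoint` are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

public class EqualsOverloadDemo {

    // Buggy: equals(BadPoint) is an overload. Object.equals(Object) is still
    // inherited unchanged, so anything that calls equals(Object) compares identity.
    static final class BadPoint {
        final int x, y;
        BadPoint(int x, int y) { this.x = x; this.y = y; }

        public boolean equals(BadPoint other) {   // wrong parameter type
            return other != null && x == other.x && y == other.y;
        }
    }

    // Fixed: overrides equals(Object) together with hashCode. The @Override
    // annotation makes the compiler reject an accidental overload.
    static final class GoodPoint {
        final int x, y;
        GoodPoint(int x, int y) { this.x = x; this.y = y; }

        @Override
        public boolean equals(Object o) {
            if (this == o) return true;
            if (!(o instanceof GoodPoint)) return false;
            GoodPoint other = (GoodPoint) o;
            return x == other.x && y == other.y;
        }

        @Override
        public int hashCode() { return Objects.hash(x, y); }
    }

    public static void main(String[] args) {
        List<BadPoint> bad = new ArrayList<>();
        bad.add(new BadPoint(1, 2));
        List<GoodPoint> good = new ArrayList<>();
        good.add(new GoodPoint(1, 2));

        // Direct call: the compiler picks the equals(BadPoint) overload, so the bug hides.
        System.out.println("direct call:   " + new BadPoint(1, 2).equals(new BadPoint(1, 2)));
        // Collections call equals(Object), which BadPoint never overrode.
        System.out.println("bad.contains:  " + bad.contains(new BadPoint(1, 2)));
        System.out.println("good.contains: " + good.contains(new GoodPoint(1, 2)));
    }
}
```

The direct call and the collection lookup disagree for `BadPoint`, which is why the mistake is hard to spot by reading or by simple tests.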